What you can learn from the Friend Finder data breach

by James Stevenson ·
Published 19th November 2016
· Updated 6th January 2017

It is well established that organisations of every kind fall victim to security breaches. In the past month alone three high-profile organisations, FriendFinder, the NHS and Three, have each suffered a data breach. The IBM 2016 Ponemon study found that a data breach costs an organisation $4 million on average, and that the average cost of each lost or stolen record containing sensitive and confidential information rose to $158. With costs like these, organisations need to make sure they are doing everything they can to keep the risk to a minimum.


In light of the news of the Friend Finder data breach, Tod Beardsley, Senior Research Manager at Rapid7, commented:

“The Friend Finder breach is notable not only for its size, but also for the private nature of the data. While no direct personal information beyond the account credentials is included, it’s a relatively simple matter for an attacker armed with this data to start enumerating accounts automatically. The Friend Finder network, so far, has not confirmed the breach, and therefore, is not yet forcing password resets for its users. This is an invitation for attackers to race against any future account control measures implemented by Friend Finder.

Breaches happen to all sorts of companies, large and small. When a company is holding the intimate personal details of its users, it’s critical they act quickly to mitigate losses and prevent further loss of privacy. Many of the victims of this breach shared frank and quasi-anonymous discussions concerning sexuality, sexual orientation, and gender identity issues; they may now be concerned about physical danger, abusive spouses, or repressive governments. I am hopeful that the Friend Finder Network will take corrective action, such as password resets and other account controls in order to protect their users.”
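The automated account enumeration Beardsley describes, and the password-reset response he calls for, as an added example that is not part of the original article or of Rapid7's commentary: a Python sketch that flags source addresses walking through many distinct accounts inside a short window (the signature of a script replaying a credential dump) and turns that into a forced-reset and session-revocation list. The log line format, the thresholds and the sample lines are constructed for illustration; a real service would feed its own authentication logs and tune the window and account count to its traffic.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login log (hypothetical format, not real Friend Finder data):
# "<ISO-8601 timestamp> <source IP> <account> <OK|FAIL>", one attempt per line.
SAMPLE_LOG = """\
2016-11-14T10:00:00Z 203.0.113.5 user01@example.com FAIL
2016-11-14T10:00:01Z 203.0.113.5 user02@example.com FAIL
2016-11-14T10:00:02Z 203.0.113.5 user03@example.com OK
2016-11-14T10:00:03Z 203.0.113.5 user04@example.com FAIL
2016-11-14T10:00:04Z 203.0.113.5 user05@example.com FAIL
2016-11-14T10:00:05Z 203.0.113.5 user06@example.com OK
2016-11-14T10:00:06Z 198.51.100.7 user07@example.com FAIL
2016-11-14T10:00:10Z 198.51.100.7 user07@example.com OK
2016-11-14T10:02:00Z 198.51.100.8 user08@example.com OK
2016-11-14T10:20:00Z 203.0.113.5 user09@example.com FAIL
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_log(text):
    """Parse log lines into (timestamp, ip, account, outcome) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        ts, ip, account, outcome = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome))
    return sorted(events)


def enumerating_ips(events, window=timedelta(minutes=5), min_accounts=5):
    """Return the set of source IPs that tried at least `min_accounts` distinct
    accounts within any sliding `window`.  A legitimate user retrying a password
    hits one account; a script replaying a credential dump walks through many."""
    by_ip = defaultdict(list)
    for ts, ip, account, _outcome in events:
        by_ip[ip].append((ts, account))

    flagged = set()
    for ip, attempts in by_ip.items():
        in_window = deque()           # attempts inside the current window
        distinct = Counter()          # account -> attempts inside the window
        for ts, account in attempts:  # already sorted oldest first
            in_window.append((ts, account))
            distinct[account] += 1
            # Evict attempts older than the window (the newest entry always stays).
            while ts - in_window[0][0] > window:
                _old_ts, old_account = in_window.popleft()
                distinct[old_account] -= 1
                if distinct[old_account] == 0:
                    del distinct[old_account]
            if len(distinct) >= min_accounts:
                flagged.add(ip)
                break
    return flagged


def response_plan(events, bad_ips):
    """Every account touched from a flagged IP needs a forced password reset;
    accounts that produced a successful login from it are likely already taken
    over, so their existing sessions must be revoked as well, not just the password."""
    force_reset, revoke_sessions = set(), set()
    for _ts, ip, account, outcome in events:
        if ip in bad_ips:
            force_reset.add(account)
            if outcome == "OK":
                revoke_sessions.add(account)
    return {"force_reset": force_reset, "revoke_sessions": revoke_sessions}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    bad = enumerating_ips(evs)
    plan = response_plan(evs, bad)
    print("enumerating IPs:", sorted(bad))
    print("force reset:", sorted(plan["force_reset"]))
    print("revoke sessions:", sorted(plan["revoke_sessions"]))
```

Two caveats for anyone adapting this. First, a per-source-IP count only catches the naive script; a campaign spread across proxies or a botnet keeps each address under the threshold, so the same sliding window should also be run per account (many source addresses against one login) and against aggregate failure rates. Second, a forced password reset alone does not end a takeover: the successful logins in the sample (user03, user06) already hold valid sessions, which is why the plan revokes sessions separately from resetting passwords.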